892e034908
Phase 3 of #273. Container plumbing for the bundled frontend dist: - flake.nix overlay: `pkgs.hyperhive-frontend` exposed for the agent / manager containers (mirrors the existing `pkgs.hyperhive` pattern); module argument `hyperhiveFrontend = system: self .packages.${system}.frontend` threads the package into the host hive-c0re module without forcing operators to apply the overlay on their host pkgs. - `services.hive-c0re.frontend` option: pinned to the flake's frontend package by default, overridable for custom dashboard SPAs. The hive-c0re systemd service gets `HIVE_STATIC_DIR = ${cfg.frontend}/dashboard` — the Rust binary will pick it up in Phase 4. - `hyperhive.frontend.dist` option: per-container, defaults to `pkgs.hyperhive-frontend`. Override to ship a fully custom agent SPA (advanced; the default + extraFiles flow handles the common 'add files' case). - `hyperhive.frontend.extraFiles` option: attrsOf submodule (mirroring the `hyperhive.extraMcpServers` shape per damocles' request so existing #322-style assertions keep their grip). Each entry has `source` (path relative to agent.nix) and `target` (URL/disk prefix within the merged static tree, defaulting to the attribute name). Operator-named example: the bitburner agent drops `bitburner-dist` into `/bitburner/` alongside the default agent UI at `/`. - `hyperhive.frontend.mergedDist` (readOnly): the runCommand derivation that composes `agent/` from the default dist plus every `extraFiles` entry. Aborts on overwrite so a filename collision becomes a build error rather than a silent dist swap. agent-base.nix + manager.nix set their respective systemd service `HIVE_STATIC_DIR` to this merged path. Until Phase 4 lands, the env var is set but unused — the Rust binaries still serve assets via `include_str!`. The cutover happens in the next commit on this branch. Refs #273.
205 lines
6.8 KiB
Nix
205 lines
6.8 KiB
Nix
{
|
|
description = "hyperhive — multi-Claude-Code-agent orchestration on nixos-containers";
|
|
|
|
inputs = {
|
|
nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
|
|
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
|
|
naersk = {
|
|
url = "github:nix-community/naersk";
|
|
inputs.nixpkgs.follows = "nixpkgs";
|
|
};
|
|
treefmt-nix = {
|
|
url = "github:numtide/treefmt-nix";
|
|
inputs.nixpkgs.follows = "nixpkgs";
|
|
};
|
|
};
|
|
|
|
outputs =
|
|
inputs@{
|
|
self,
|
|
nixpkgs,
|
|
nixpkgs-unstable,
|
|
naersk,
|
|
treefmt-nix,
|
|
}:
|
|
let
|
|
inherit (nixpkgs) lib;
|
|
systems = [
|
|
"aarch64-linux"
|
|
"x86_64-linux"
|
|
];
|
|
treefmt-config = {
|
|
projectRootFile = "flake.nix";
|
|
programs = {
|
|
keep-sorted.enable = true;
|
|
nixfmt.enable = true;
|
|
rustfmt.enable = true;
|
|
taplo.enable = true;
|
|
};
|
|
};
|
|
forAllSystems =
|
|
f:
|
|
lib.genAttrs systems (
|
|
system:
|
|
f rec {
|
|
inherit system;
|
|
pkgs = nixpkgs.legacyPackages.${system};
|
|
treefmt-eval = treefmt-nix.lib.evalModule pkgs treefmt-config;
|
|
naersk-lib = pkgs.callPackage naersk { };
|
|
}
|
|
);
|
|
in
|
|
{
|
|
packages = forAllSystems (
|
|
{ pkgs, naersk-lib, ... }:
|
|
{
|
|
default = naersk-lib.buildPackage {
|
|
src = ./.;
|
|
meta.description = "hyperhive workspace (hive-c0re, hive-ag3nt, hive-m1nd)";
|
|
};
|
|
# Bundled browser assets — see ./nix/frontend.nix. Output is
|
|
# $out/{dashboard,agent}/ which the Rust binaries serve via
|
|
# tower_http::ServeDir (wired up in Phase 4 of #273).
|
|
frontend = pkgs.callPackage ./nix/frontend.nix {
|
|
branding-svg = ./branding/hyperhive.svg;
|
|
};
|
|
}
|
|
);
|
|
|
|
overlays = {
|
|
default = final: prev: {
|
|
hyperhive = self.packages.${prev.stdenv.hostPlatform.system}.default;
|
|
# Bundled frontend dist (see ./nix/frontend.nix). Output is
|
|
# $out/{dashboard,agent}/; consumers pick the surface they
|
|
# need. Exposed via the overlay so containers' nix evaluations
|
|
# can reach it as `pkgs.hyperhive-frontend` once the overlay
|
|
# is applied (manager + agent containers both apply it via
|
|
# `mkContainer` further down).
|
|
hyperhive-frontend = self.packages.${prev.stdenv.hostPlatform.system}.frontend;
|
|
};
|
|
claude-unstable =
|
|
final: prev:
|
|
let
|
|
# The overlay imports its own nixpkgs-unstable instance to
|
|
# pin claude-code there. That instance has its own config
|
|
# (independent from the user's prev.config), so we have to
|
|
# set allowUnfreePredicate inline to whitelist claude-code
|
|
# specifically — otherwise the unstable import itself
|
|
# refuses to evaluate. This is scoped: only claude-code
|
|
# bypasses unfree, nothing else.
|
|
unstable = import nixpkgs-unstable {
|
|
inherit (prev.stdenv.hostPlatform) system;
|
|
config.allowUnfreePredicate = pkg: builtins.elem (prev.lib.getName pkg) [ "claude-code" ];
|
|
};
|
|
in
|
|
{
|
|
inherit (unstable) claude-code;
|
|
};
|
|
};
|
|
|
|
nixosModules = {
|
|
agent-base = ./nix/templates/agent-base.nix;
|
|
manager = ./nix/templates/manager.nix;
|
|
# The hive-c0re module wants `pkgs.hyperhive` for its default
|
|
# `services.hive-c0re.package`. To avoid making operators apply an
|
|
# overlay (which would also pollute their host pkgs with our
|
|
# build), we thread the package straight from this flake's
|
|
# `packages.<system>.default` via a `hyperhivePackage` argument.
|
|
# The `claude-unstable` overlay only matters inside our container
|
|
# builds (already applied internally in `nixosConfigurations`).
|
|
hive-c0re = import ./nix/modules/hive-c0re.nix {
|
|
hyperhivePackage = system: self.packages.${system}.default;
|
|
hyperhiveFrontend = system: self.packages.${system}.frontend;
|
|
hyperhiveFlake = "${self}";
|
|
};
|
|
hive-forge = ./nix/modules/hive-forge.nix;
|
|
# Convenience alias: one import covers the full hyperhive host
|
|
# stack (hive-c0re + hive-forge, since hive-c0re already pulls
|
|
# in hive-forge). Intended usage:
|
|
#
|
|
# imports = [ hyperhive.nixosModules.default ];
|
|
# services.hive-c0re.enable = true;
|
|
#
|
|
default = self.nixosModules.hive-c0re;
|
|
};
|
|
|
|
nixosConfigurations =
|
|
let
|
|
mkContainer =
|
|
module:
|
|
nixpkgs.lib.nixosSystem {
|
|
system = "x86_64-linux";
|
|
modules = [
|
|
module
|
|
{
|
|
nixpkgs.overlays = [
|
|
self.overlays.default
|
|
self.overlays.claude-unstable
|
|
];
|
|
}
|
|
];
|
|
};
|
|
in
|
|
{
|
|
agent-base = mkContainer self.nixosModules.agent-base;
|
|
manager = mkContainer self.nixosModules.manager;
|
|
};
|
|
|
|
devShells = forAllSystems (
|
|
{ pkgs, ... }:
|
|
{
|
|
default = pkgs.mkShell {
|
|
packages = with pkgs; [
|
|
cargo
|
|
clippy
|
|
pkg-config
|
|
rust-analyzer
|
|
rustc
|
|
rustfmt
|
|
sqlite
|
|
];
|
|
};
|
|
}
|
|
);
|
|
|
|
formatter = forAllSystems ({ treefmt-eval, ... }: treefmt-eval.config.build.wrapper);
|
|
|
|
checks = forAllSystems (
|
|
{
|
|
treefmt-eval,
|
|
pkgs,
|
|
naersk-lib,
|
|
...
|
|
}:
|
|
{
|
|
formatting = treefmt-eval.config.build.check self;
|
|
# Clippy as a check: reuse naersk's vendored-deps environment but
|
|
# replace the build phase with `cargo clippy --workspace --all-targets
|
|
# -- -D warnings`. Naersk's own `mode = "clippy"` mangles the `--`
|
|
# separator, so we go through overrideAttrs instead.
|
|
clippy =
|
|
(naersk-lib.buildPackage {
|
|
src = ./.;
|
|
# Skip the actual build; we only care about the clippy lint.
|
|
doCheck = false;
|
|
copyTarget = false;
|
|
}).overrideAttrs
|
|
(old: {
|
|
name = "${old.name}-clippy";
|
|
nativeBuildInputs = (old.nativeBuildInputs or [ ]) ++ [ pkgs.clippy ];
|
|
buildPhase = ''
|
|
runHook preBuild
|
|
cargo clippy --workspace --all-targets -- -D warnings
|
|
runHook postBuild
|
|
'';
|
|
installPhase = ''
|
|
runHook preInstall
|
|
mkdir -p $out
|
|
touch $out/.clippy-passed
|
|
runHook postInstall
|
|
'';
|
|
});
|
|
}
|
|
);
|
|
};
|
|
}
|